netfpga summer course€¦ · summer course technion, haifa, il 2015 53 oflops • holistic switch...
Post on 01-Apr-2021
1 Views
Preview:
TRANSCRIPT
Summer Course Technion, Haifa, IL 2015 1
NetFPGA Summer Course
Presented by:
Noa Zilberman
Yury Audzevich
Technion
August 2 – August 6, 2015
http://NetFPGA.org
Summer Course Technion, Haifa, IL 2015 2
USING NETFPGA AS AN
APPLICATION
Summer Course Technion, Haifa, IL 2015 3
Agenda
• NetFPGA as an application
• OpenFlow as an example
• OSNT
• BlueSwitch
Summer Course Technion, Haifa, IL 2015 4
NetFPGA as an Application
• Hardware development is just one aspect
of research
• Many need flexible, open source platforms
• Idea: take a project developed over
NetFPGA and be an end-user
Summer Course Technion, Haifa, IL 2015 5
OpenFlow as an Example
• Have you heard of Software Defined
Networking?
• OpenFlow is a southbound interface
between the data and a control plane
• NetFPGA enabled OpenFlow
– Provided a widely available open-source
development platform
– Capable of line-rate
• NetFPGA was, until its commercial uptake,
the reference platform for OpenFlow
Summer Course Technion, Haifa, IL 2015 6
Early OpenFlow Deployments
Nick McKeown
Why can’t I innovate
in my wiring closet?MIT CSAIL Colloquium,
April 17 2008
Summer Course Technion, Haifa, IL 2015 7
BLUESWITCH
Summer Course Technion, Haifa, IL 2015 8
BlueSwitch
• An openFlow switch
• Parameterized modular design
• Multi-Table
• Provides packet consistency
– In the internal datapath of the switch
• Supports openFlow v1.4 Bundle feature
– Atomic updates to switch configuration
• Currently running over NetFPGA-10G
Summer Course Technion, Haifa, IL 2015 17
Inconsistent policy update in SDN - Security and
Resilience
SW0Untrusted
Port1
Untrusted
SW1
SW2
Trusted
Port2
U -> SW1
T -> SW2
U -> Drop
T -> Next-Hop
U -> Drop
T -> Next-Hop
Switch Controller
Target state needed to update
T -> SW1
U -> SW2
Inconsistent Policy Update Problem
Summer Course Technion, Haifa, IL 2015 18
Risky Rule Update I – Update per Rule
SW0Untrusted
Port1
Untrusted
SW1
SW2
Trusted
Port2
U -> SW1
U -> SW2
U -> Drop
T -> Next-Hop
U -> Drop
T -> Next-Hop
Switch Controller
U -> SW1
T -> SW2
T -> SW1
U -> SW2
Current State Intermediate State
U -> SW1
U -> SW2
Target State
Inconsistent Policy Update Problem
Summer Course Technion, Haifa, IL 2015 19
Risky Rule Update II – Update per Rule
SW0Untrusted
Port1
Untrusted
SW1
SW2
Trusted
Port2
T -> SW1
T -> SW2
U -> Drop
T -> Next-Hop
U -> Drop
T -> Next-Hop
Switch Controller
U -> SW1
T -> SW2
T -> SW1
U -> SW2
Current State Intermediate State
T -> SW1
T -> SW2
Target State
Inconsistent Policy Update Problem
Summer Course Technion, Haifa, IL 2015 20
Safe Atomic Update – Update All Rules
SW0Untrusted
Port1
Untrusted
SW1
SW2
Trusted
Port2
T -> SW1
U -> SW2
U -> Drop
T -> Next-Hop
U -> Drop
T -> Next-Hop
Switch Controller
U -> SW1
T -> SW2
T -> SW1
U -> SW2
Current State
T -> SW1
T -> SW2
Target StateU -> SW1
U -> SW2
Inconsistent Policy Update Problem
Summer Course Technion, Haifa, IL 2015 21
Problem in Multi-Table OF Switch
OpenFlow Switch Multi-Table Inconsistency
Problem
Table
0
Table
1
Table
nPkt n
Update Rule
0
Pkt n-1 Pkt n-2 . . . Pkt 1
Update Rule
1
Update Rule
n
Old or
New
Old or
New
Pkt 0
Summer Course Technion, Haifa, IL 2015 22
Configuration Consistency
• No commodity switch hardware is consistent
• Transitions from state A to B can move
through intermediate (non-deterministic)
states
• Not a new problem but SDN can fix this with
principled hardware/software co-design
Summer Course Technion, Haifa, IL 2015 23
Consistency in Blueswitch
• Consistent double-buffered multi-flow-
table structure
Packet HeaderFields
idx
Table update interface (from API via DMA/PCIe)
0
Flow Table i
Ti(Ui)TCAM
0
Si
1
1 0
0
1
MatchStats
Si
DT
Di
Ui(Ti)TCAM
1
Ti(Ui)ACT
0
1 0
0
1
DA
Ui(Ti)ACT
1
Vp
Vi
Flow Tablei+1
Flow Tablei+1
Meta-Data
Buffer
Summer Course Technion, Haifa, IL 2015 24
Blueswitch consistent rule update
Inconsistent and consistent data-plane packet
behavior results during new policy update
Summer Course Technion, Haifa, IL 2015 25
HW Implementation Results
• Results on NF10
Summer Course Technion, Haifa, IL 2015 26
BlueSwitch – More Information
• Han J.H et al - Blueswitch: Enabling provably
consistent configuration of network switches,
ANCS 2015
• BlueSwitch source code - NetFPGA GitHub
repository
• OpenVSwitch for BlueSwitch -
https://github.com/pmundkur/ovs
Summer Course Technion, Haifa, IL 2015 27
OSNT
Summer Course Technion, Haifa, IL 2015 28
• Open-source hardware/software co-design
• For research and teaching community
Long development cycles and high cost create a
requirement for open-source network testing
www.osnt.org
• flexible
• scalable
• community-based
Summer Course Technion, Haifa, IL 2015 29
• the first OSNT prototype is based upon the
NetFPGA-10G open-source hardware
platform
• OSNT is portable across a number of HW
platforms– maximizing reuse
– minimizing reimplementation costs (as new HW,
physical interfaces become available)
• we invite everyone from the community to
audit our implementation and adapt it to your
needs
Summer Course Technion, Haifa, IL 2015 30
• NetFPGA platform enabled the first prototype
of OSNT.
• The open nature of NetFPGA ecosystem
represents the best starting point for open
HW/SW community-oriented projects.
• OSNT aims to build a community as
NetFPGA did.
Summer Course Technion, Haifa, IL 2015 31
OSNT architecture on NetFPGA-10G
OSNT flexibility provides support for a wide range
of use-cases
• OSNT-TG– a single card, capable of generating packets on four
10GbE ports
– to test a single networking system or a small network
• OSNT-MON– a single card, capable of capturing packets arriving
through four 10GbE ports
– to provide loss limited capture system with both high-
resolution and high precision timestamping
Summer Course Technion, Haifa, IL 2015 32
• Hybrid OSNT– the combination of Traffic Generator and Traffic
Monitor into single FPGA device and single card
– to perform full line-rate, per-flow characterization of a
network (device) under test
• Scalable OSNT– our approach for coordinating large numbers of
multiple generators and monitors synchronized by a
common time-base
– still largely under work
OSNT architecture on NetFPGA-10G
Summer Course Technion, Haifa, IL 2015 33
OSNT-TG
The OSNT-TG generates packets according user-
defined parameters
• PCAP replay function
• micro-engines generate packets according
(TBD)– traffic model
– list of flow values (header templates)
– data patterns
• generation process may depend on– packet size
– inter-packet delay
Summer Course Technion, Haifa, IL 2015 34
OSNT-TG architecture
• DM and RL
guarantee the
output packet rate
is the one assigned
by the user
• 27MB of SRAM
used to store the
packets
Summer Course Technion, Haifa, IL 2015 35
OSNT-TG timestamp
• timestamping just before the transmit 10GbE
MAC
• configurable offset
• timing-related measurements– latency
– jitter
Evaluating device functionalities using packet level
information requires accurate timestamping
functionality
Dst MAC ... signature pkt count tx timestamp ...
32 bit 32 bit 64 bit
Summer Course Technion, Haifa, IL 2015 36
• we could use a 64-bit counter driven by the
160MHz system clock (naïve solution)
– provides no means by which to correct oscillator frequency
drift
– produces timestamps expressed in unit of 6.25 ns
– fixed-point representation of time in seconds more useful to
host
OSNT timestamp
free-running counter?
Summer Course Technion, Haifa, IL 2015 37
OSNT timestamp
a more accurate solution…
• DDS (Direct Digital Synthesis)
– technique by which arbitrary variable frequencies can be
generated using FPGA-friendly logic (how DAG works)
– need a time reference to correct DDS rate
– optimal solution: PPS from GPS receiver
Summer Course Technion, Haifa, IL 2015 38
OSNT-TG GUI
• python GUI
• basic
functionality
management
• logger to
track down
last events
Summer Course Technion, Haifa, IL 2015 39
OSNT-TG evaluation
• performance tests against IXIA box
• full line rate regardless packet length on 2
ports
• full line rate over the 4 ports is work in
progress (main limitation due to the Virtex5
FPGA resources)
• IFG (Inter Frame Gap) is statically set to 96
bit
Summer Course Technion, Haifa, IL 2015 40
OSNT-MON
The OSNT-MON provides four main functions
• packet capture
• packet filtering permitting selection of traffic-
of-interest (5-tuple)
• high precision, accurate, packet
timestamping
• high-level traffic statistics
Summer Course Technion, Haifa, IL 2015 41
OSNT-MON architecture
• timestamp before the
receive queues
• statistic collector
(packets, bytes, IP, UDP,
TCP..)
• extensible packet parser
able to recognize VLAN
• TCAM for packet filtering
• cut/hash feature
Summer Course Technion, Haifa, IL 2015 42
• two traffic-thinning approaches
– packet filtering
– snap length
• 5-Tuple filter stage (packets that match a rule
are copied with their HW timestamp to the host)
• possibility of recording a fixed-length part of
each packet along with a hash of the discarded
part
OSNT-MON architecture
the NetFPGA-10G PCIe lacks the bandwidth to
record all traffic
Summer Course Technion, Haifa, IL 2015 43
OSNT-MON GUI
• python GUI
• basic
functionality
management
• logger to
track down
last events
Summer Course Technion, Haifa, IL 2015 44
• libpcap based tools do not work directly with
OSNT: the device driver secures performance by
bypassing the kernel network stack
• a modified version of libpcap with nanosecond
granularity is provided to records PCAP traces in
nanosecond resolution (if the appropriate user-
space SW is written)
OSNT-MON SW plane
Summer Course Technion, Haifa, IL 2015 45
• CLI-based approach (for those who do not like
GUIs)
– set rules
– check statistics
– set snap-length
– enable GPS correction
OSNT-MON SW plane
Summer Course Technion, Haifa, IL 2015 46
OSNT-MON evaluation
0
5
10
15
20
64 128 256 512 1024
Uti
liza
tio
n (
Gbp
s)
Packet size (bytes) - log10 scale
OSNT with 40B cut/hash 2-ports max rate (without loss)OSNT 2-ports max rate (without loss)OSNT 1-port max rate (without loss)
Max rate PCIe Gen1
Summer Course Technion, Haifa, IL 2015 47
Hybrid OSNT
• multiple pipelines can co-exist
• it is possible to generate/monitor at the same time on a given port
Summer Course Technion, Haifa, IL 2015 48
what can we do from here?
how can we effectively use OSNT?
• traffic characterization (OSNT is an high precision
traffic capture system)
• networking device testing (OSNT is an high
performance traffic generator)
• adapt OSNT to your needs (OSNT is open, OSNT is
a starting point)
• What about using OSNT for switch performance
evaluation/characterization? (i.e., latency)
Device Testing with OSNT
Summer Course Technion, Haifa, IL 2015 49
how is it possible to characterize a networking device
latency with OSNT?
• we can embed the transmission timestamp into the
packet
• OSNT can send packets at high rates and wait them
back
• Compare the TX timestamp with the RX one.
Switch
under test
Device Testing with OSNT
Summer Course Technion, Haifa, IL 2015 50
0
1
2
3
4
5
6
0 200 400 600 800 1000 1200 1400 1600
Dela
y (
use
c)
Packet Size (Bytes)
NF10 Router
NF10 Switch
Switch
Pica8 3780
Switch-internal
Device Testing with OSNT
woooot!!!!! I can accurately measure switching
latency!
Summer Course Technion, Haifa, IL 2015 51
• participate, contribute to the open source
network testing community
• extend OSNT with new features
ok…this is cool, but what’s next?
yes, ok..but…
• Where can we go from here?
• How can we fully exploit OSNT?
Summer Course Technion, Haifa, IL 2015 52
the effective integration of the OpenFlow protocol
in production requires a flexible and high-precision
open-source measurement platform which provide
a deep understanding of switch capabilities
Summer Course Technion, Haifa, IL 2015 53
OFLOPS
• Holistic switch evaluation framework.– API to interact with switch: SNMP, control and data plane.
– Designed to minimize measurement noise.
• Exploit OSNT traffic generation and capture
capabilities (throughput, accuracy).
• Measurement modules to define experiment scenario
and measurement.
• Use Cases:– C. Rotsos, et.al. OFLOPS: an open framework for openflow switch evaluation.
PAM’12
– D. Pediaditakis, et.al. Faithful reproduction of network experiments. ANCS '14
– J. Han, et.al. Blueswitch: Enabling provably consistent configuration of network
switches. ANCS’15
– C. Rotsos, et.al. OFLOPS-Turbo: Testing the Next-Generation OpenFlow switch.
ICC’15
Summer Course Technion, Haifa, IL 2015 54
• NetFPGA enables OSNT
• OSNT enables OFLOPS-
Turbo
OFLOPS
OFLOPS-Turbo
Summer Course Technion, Haifa, IL 2015 55
OFLOPS-turbo design
Measurement Server
...
...
OSNT
OFLOPS platform
Measure Module 1
Measure Module N
ControlChannel
DataChannels
User Space
Kernel Space
OpenFlow Switch
OSNT module
Summer Course Technion, Haifa, IL 2015 56
• OpenFlow flow table insertion measurements
• OpenFlow flow table modification measurements
• Create your own test in SW and test multi Gigabit
switches!
what can we do from here?
how can we effectively use OFLOPS-Turbo?
Summer Course Technion, Haifa, IL 2015 57
Let’s consider a testing scenario
Summer Course Technion, Haifa, IL 2015 58
Conclusion
Summer Course Technion, Haifa, IL 2015 59
Nick McKeown, Glen Gibb, Jad Naous, David Erickson,
G. Adam Covington, John W. Lockwood, Jianying Luo, Brandon Heller, Paul
Hartke, Neda Beheshti, Sara Bolouki, James Zeng,
Jonathan Ellithorpe, Sachidanandan Sambandan, Eric Lo
Acknowledgments (I)
NetFPGA Team at Stanford University (Past and Present):
NetFPGA Team at University of Cambridge (Past and Present):
Andrew Moore, David Miller, Muhammad Shahbaz, Martin Zadnik
Matthew Grosvenor, Yury Audzevich, Neelakandan Manihatty-Bojan,
Georgina Kalogeridou, Jong Hun Han, Noa Zilberman, Gianni Antichi,
Charalampos Rotsos, Marco Forconesi, Jinyun Zhang, Bjoern Zeeb
All Community members (including but not limited to):
Paul Rodman, Kumar Sanghvi, Wojciech A. Koszek,
Yahsar Ganjali, Martin Labrecque, Jeff Shafer, Eric Keller ,
Tatsuya Yabe, Bilal Anwer, Yashar Ganjali, Martin Labrecque,
Lisa Donatini, Sergio Lopez-Buedo
Kees Vissers, Michaela Blott, Shep Siegel, Cathal McCabe
Summer Course Technion, Haifa, IL 2015 60
Acknowledgements (II)
Disclaimer: Any opinions, findings, conclusions, or recommendations expressed in these materials do not necessarily reflect the views of the National Science Foundation or of any other sponsors supporting this project.This effort is also sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contract FA8750-11-C-0249. This material is approved for public release, distribution unlimited. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense or the U.S. Government.
top related